1 / 18

Mandatory HIPAA Training

Mandatory HIPAA Training. An overview of the policies and procedures developed and implemented by Your Organization to address the HIPAA Privacy Rule. What is the HIPAA Privacy Rule?. Enacted in Aug.1996 to assure privacy and security of health information

diamond
Télécharger la présentation

Mandatory HIPAA Training

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mandatory HIPAA Training An overview of the policies and procedures developed and implemented by Your Organization to address the HIPAA Privacy Rule

  2. What is the HIPAA Privacy Rule? • Enacted in Aug.1996 to assure privacy and security of health information • Mandatory for all health care providers, health plans and health clearinghouses • Clearly identifies the rights of the “patient” regarding their protected health information (PHI) • Forces providers to take measures to handle PHI in a secure manner

  3. Plan for this training session • Look at the “Notice of Privacy Practices” and the rights it affords each “patient” • Learn about the policies and procedures that have been developed • Explain the revised procedures you will be following • Demonstrate that you understand

  4. Notice of Privacy Practices a “Patient” has the RIGHT to: • Request restriction on use or disclosure of PHI • Request to receive information by an alternate means or location • Access their PHI • Request amendments to their PHI • Receive and accounting of disclosures of PHI • Receive a copy of the “Notice of Privacy Practices” • File complaints regarding improper use or disclosure of PHI

  5. Understanding the lingo • HIPAA – The Standards for Privacy of Individually Identifiable Health Information • PHI – Protected Health Information • TPO – Treatment, Payment, Operation • Consent – given by “patient” to use PHI for TPO • Authorization – given by “patient” to use/disclose PHI for any other reason

  6. More lingo • Minimum necessary – disclosure of no more PHI than necessary for any given situation • Privacy Officer-person identified by organization to assure that all HIPAA policies and procedures are followed , rules on requests made by a “patient”, addresses any complaints filed (Gary Carone is our Privacy officer- Vivienne Manwaring is our Privacy consultant)

  7. HIPAA Policy Manual • Manual of actual policies available in hard copy at each location and also on the computer • Arranged into 8 sections for easy use • Should be consulted if there is any question of how to handle a situation concerning PHI • Policies contain attachments of corresponding forms • Everyone is responsible to be knowledgeable about these policies

  8. Section I – Consumer/client Rights • 13 policies beginning with “Consumer/client Privacy Rights” • Provide procedures to handle requests made or complaints files by service partners • Provide attachments of the various forms used to exercise rights and file complaints

  9. Section II –Use and Disclosure by PsychSystems • 4 policies beginning with the “General Policy on Use and Disclosure of PHI” • Addresses Minimum Necessary requirement • Accounting of Disclosures • Psychotherapy notes CAN NOT be disclosed to a consumer/client

  10. Section III – Business Associates • Only one policy • Deals with any outside organization, agency or company that provides any treatment or non-treatment service for your organization that has access to PHI

  11. Section IV – Storage, Disposal, Safeguards and Protection of PHI • 11 policies that focus on day to day use of PHI • Procedures that will be uses on a day to day basis by all employees • Several procedures that might be new • Practices to tighten up how records are stored when not in use • How PHI is copied and the use of the copy machine

  12. How to dispose of PHI – including personal notes, extra copies, old records etc. • De-identification of all material that is discarded • How to send a fax • How to handle PHI when away from the office • Verification of persons/agencies requesting PHI • What PHI a staff has access to • Completing and maintaining forms containing signatures

  13. Section V – Information Systems • Contains 3 policies • Deal with computer passwords, data classification for access, modification and deletion and development of Role Based Access for information

  14. Section VI – Handling Violations • 3 policies • Strict enforcement, sanctions and penalties for violations of privacy, up to and including dismissal • Everyone will sign a “statement of Understanding Privacy Policies” • Agency will do whatever possible to mitigate harmful effects of violations • There will be no retaliation for reporting violations

  15. Section VII- Organizational Uses of PHI • 3 policies • Defines that PHI cannot be used for marketing or fundraising • Identifies what PHI can be used in facility directories

  16. Section VIII-Uses and Disclosures of PHI Outside Your Organization • 5 policies • There are some governmental, judicial, public health and safety and Health and Human Service needs for PHI that do not require authorization

  17. TIME TO SHOW YOU UNDERSTAND!

  18. The test- please, print (slide 18 ONLY), complete and submit to PsychSystems • Name ___________________________ID # ______________ Date: _______________ • Concerning the handling of individual records. Check all that apply: • ___ A) Records cannot be taken from the office for any reason • ___ B) Records are considered to be safe as long as they are some place within our agency offices) • ___ C) File cabinets need only be locked at night • ___ D) PHI should never be discussed in a public area of the building • True or False • ___ It is acceptable to make as many copies of documents containing PHI as I want • ___ Extra copies containing PHI must be de-identified or shredded • ___ I may not leave the copy machine unattended when making copies that contain PHI • ___ Our HIPAA policies are available ion the web site • ___ By completing this training I know ALL I need to know to assure that HIPAA policies are • followed. • There is a Privacy Officer for each agency location. • Who is the primary Privacy Officer for our agency?________________________________ • True or False • ___ I am responsible to report any situations I believe to be a violation of HIPPA or agency • policies. • ___ It is possible to be dismissed from my job if I violate the Privacy Policies • ___ Consumers/clients can only file a complaint of a violation of their privacy with our agency. • ___ Our agency cannot take retaliation against anyone who reports a privacy violation. • Check all that apply • If a consumer/client makes a request to exercise one of his/her Privacy Rights, I will: • ___ Immediately grant his/her verbal request • ___ Provide him/her with the appropriate form on which to make the request • ___ Give the form to my supervisor • ___ Place the original request form in the record when the action is complete

More Related